diff options
Diffstat (limited to 'system/helpers/form_helper.php')
| -rw-r--r-- | system/helpers/form_helper.php | 105 |
1 files changed, 46 insertions, 59 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 1bccac35c..e7bea92cc 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php /** * CodeIgniter * @@ -22,7 +22,9 @@ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 + * @filesource */ +defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Form Helpers @@ -124,9 +126,9 @@ if ( ! function_exists('form_hidden')) * Generates hidden fields. You can pass a simple key/value string or * an associative array with multiple values. * - * @param mixed - * @param string - * @param bool + * @param mixed $name Field name + * @param string $value Field value + * @param bool $recursing * @return string */ function form_hidden($name, $value = '', $recursing = FALSE) @@ -149,7 +151,7 @@ if ( ! function_exists('form_hidden')) if ( ! is_array($value)) { - $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name)."\" />\n"; + $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value)."\" />\n"; } else { @@ -243,9 +245,9 @@ if ( ! function_exists('form_textarea')) /** * Textarea field * - * @param mixed - * @param string - * @param string + * @param mixed $data + * @param string $value + * @param string $extra * @return string */ function form_textarea($data = '', $value = '', $extra = '') @@ -263,7 +265,7 @@ if ( ! function_exists('form_textarea')) } $name = is_array($data) ? $data['name'] : $data; - return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, $name)."</textarea>\n"; + return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, TRUE)."</textarea>\n"; } } @@ -298,10 +300,10 @@ if ( ! function_exists('form_dropdown')) /** * Drop-down Menu * - * @param string - * @param array - * @param string - * @param string + * @param mixed $name + * @param mixed $options + * @param mixed $selected + * @param mixed $extra * @return string */ function form_dropdown($name = '', $options = array(), $selected = array(), $extra = '') @@ -316,10 +318,7 @@ if ( ! function_exists('form_dropdown')) return form_dropdown($name['name'], $name['options'], $name['selected'], $name['extra']); } - if ( ! is_array($selected)) - { - $selected = array($selected); - } + is_array($selected) OR $selected = array($selected); // If no selected state was submitted we will attempt to set it automatically if (count($selected) === 0 && isset($_POST[$name])) @@ -352,14 +351,17 @@ if ( ! function_exists('form_dropdown')) foreach ($val as $optgroup_key => $optgroup_val) { $sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : ''; - $form .= '<option value="'.$optgroup_key.'"'.$sel.'>'.(string) $optgroup_val."</option>\n"; + $form .= '<option value="'.form_prep($optgroup_key).'"'.$sel.'>' + .(string) $optgroup_val."</option>\n"; } $form .= "</optgroup>\n"; } else { - $form .= '<option value="'.$key.'"'.(in_array($key, $selected) ? ' selected="selected"' : '').'>'.(string) $val."</option>\n"; + $form .= '<option value="'.form_prep($key).'"' + .(in_array($key, $selected) ? ' selected="selected"' : '').'>' + .(string) $val."</option>\n"; } } @@ -600,45 +602,28 @@ if ( ! function_exists('form_prep')) * * Formats text so that it can be safely placed in a form field in the event it has HTML tags. * - * @param string - * @param string - * @return string + * @param string|string[] $str Value to escape + * @param bool $is_textarea Whether we're escaping for a textarea element + * @return string|string[] Escaped values */ - function form_prep($str = '', $field_name = '') + function form_prep($str = '', $is_textarea = FALSE) { - static $prepped_fields = array(); - - // if the field name is an array we do this recursively if (is_array($str)) { - foreach ($str as $key => $val) + foreach (array_keys($str) as $key) { - $str[$key] = form_prep($val); + $str[$key] = form_prep($str[$key], $is_textarea); } return $str; } - if ($str === '') - { - return ''; - } - - // we've already prepped a field with this name - // @todo need to figure out a way to namespace this so - // that we know the *exact* field and not just one with - // the same name - if (isset($prepped_fields[$field_name])) - { - return $str; - } - - if ($field_name !== '') + if ($is_textarea === TRUE) { - $prepped_fields[$field_name] = $field_name; + return str_replace(array('<', '>'), array('<', '>'), stripslashes($str)); } - return html_escape($str); + return str_replace(array("'", '"'), array(''', '"'), stripslashes($str)); } } @@ -653,23 +638,21 @@ if ( ! function_exists('set_value')) * re-populate an input field or textarea. If Form Validation * is active it retrieves the info from the validation class * - * @param string - * @param string - * @return mixed + * @param string $field Field name + * @param string $default Default value + * @param bool $is_textarea Whether the field is a textarea element + * @return string */ - function set_value($field = '', $default = '') + function set_value($field = '', $default = '', $is_textarea = FALSE) { if (FALSE === ($OBJ =& _get_validation_object())) { - if ( ! isset($_POST[$field])) - { - return $default; - } - - return form_prep($_POST[$field], $field); + return isset($_POST[$field]) + ? form_prep($_POST[$field], $is_textarea) + : form_prep($default, $is_textarea); } - return form_prep($OBJ->set_value($field, $default), $field); + return form_prep($OBJ->set_value($field, $default), $is_textarea); } } @@ -890,8 +873,8 @@ if ( ! function_exists('_parse_form_attributes')) * * Helper function used by some of the form helpers * - * @param array - * @param array + * @param array $attributes List of attributes + * @param array $default Default values * @return string */ function _parse_form_attributes($attributes, $default) @@ -919,7 +902,11 @@ if ( ! function_exists('_parse_form_attributes')) { if ($key === 'value') { - $val = form_prep($val, $default['name']); + $val = form_prep($val); + } + elseif ($key === 'name' && ! strlen($default['name'])) + { + continue; } $att .= $key.'="'.$val.'" '; |